Encrypt-then-MAC

Encrypt-then-MAC is a cryptographic security principle where data is first encrypted and then a Message Authentication Code (MAC) is computed over the ciphertext. This approach ensures both confidentiality through encryption and integrity/authenticity through the MAC, protecting against tampering and unauthorized modifications. It is widely regarded as a best practice for secure communication protocols and data storage.

Also known as: ETM, Encrypt then MAC, Encrypt-then-MAC, Encrypt then Authenticate, ETM mode

Why learn Encrypt-then-MAC?

Developers should use Encrypt-then-MAC when building systems that require both data confidentiality and integrity, such as secure messaging apps, financial transactions, or API communications. Because the MAC is checked before decryption, any tampering with the encrypted data is detected before the ciphertext is processed, which prevents attacks like padding oracle exploits and makes the approach safer than alternatives like MAC-then-encrypt or encrypt-and-MAC. This is particularly critical in protocols like TLS and in applications handling sensitive user data.
